CVE-2026-49180 affects the Windows Universal Plug and Play library, upnp.dll, and can allow a locally authenticated attacker to expose or improperly affect protected information through unsafe link handling. Microsoft disclosed the flaw on July 14, 2026, alongside its monthly security updates...